Naver Ngrinder

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Naver Ngrinder.

By the Year

In 2026 there have been 0 vulnerabilities in Naver Ngrinder. Ngrinder did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	6	0.00

It may take a day or so for new Ngrinder vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Naver Ngrinder Security Vulnerabilities

nGrinder <3.5.9: Webhook Data Leak & SSRF (CVE-2024-28216)
CVE-2024-28216 - March 07, 2024

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

AuthZ

nGrinder <3.5.9: Unauthorized Webhook Config Creation (CVE-2024-28215)
CVE-2024-28215 - March 07, 2024

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

AuthZ

nGrinder < 3.5.9: Unlimited delay leads to DoS
CVE-2024-28214 - March 07, 2024

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

nGrinder <3.5.9 Java Deserialization RCE Unauth Object Injection
CVE-2024-28213 - March 07, 2024

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

Marshaling, Unmarshaling

nGrinder<3.5.9: SnakeYAML Deserialization Allows Remote Code Exec
CVE-2024-28212 - March 07, 2024

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Marshaling, Unmarshaling

nGrinder <3.5.9 RMI/JMX allows remote code exec
CVE-2024-28211 - March 07, 2024

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Naver Ngrinder or by Naver? Click the Watch button to subscribe.

Naver
Vendor

Naver Ngrinder
Product

Naver Ngrinder

Don't miss out!

By the Year

Recent Naver Ngrinder Security Vulnerabilities

nGrinder <3.5.9: Webhook Data Leak & SSRF (CVE-2024-28216) CVE-2024-28216 - March 07, 2024

nGrinder <3.5.9: Unauthorized Webhook Config Creation (CVE-2024-28215) CVE-2024-28215 - March 07, 2024

nGrinder < 3.5.9: Unlimited delay leads to DoS CVE-2024-28214 - March 07, 2024

nGrinder <3.5.9 Java Deserialization RCE Unauth Object Injection CVE-2024-28213 - March 07, 2024

nGrinder&lt;3.5.9: SnakeYAML Deserialization Allows Remote Code Exec CVE-2024-28212 - March 07, 2024

nGrinder <3.5.9 RMI/JMX allows remote code exec CVE-2024-28211 - March 07, 2024

Stay on top of Security Vulnerabilities

Naver Vendor

Naver NgrinderProduct

nGrinder <3.5.9: Webhook Data Leak & SSRF (CVE-2024-28216)
CVE-2024-28216 - March 07, 2024

nGrinder <3.5.9: Unauthorized Webhook Config Creation (CVE-2024-28215)
CVE-2024-28215 - March 07, 2024

nGrinder < 3.5.9: Unlimited delay leads to DoS
CVE-2024-28214 - March 07, 2024

nGrinder <3.5.9 Java Deserialization RCE Unauth Object Injection
CVE-2024-28213 - March 07, 2024

nGrinder<3.5.9: SnakeYAML Deserialization Allows Remote Code Exec
CVE-2024-28212 - March 07, 2024

nGrinder <3.5.9 RMI/JMX allows remote code exec
CVE-2024-28211 - March 07, 2024

Naver
Vendor

Naver Ngrinder
Product